If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

There’s four things of note here. Firstly it’s on Google’s domain, not some other domain like Google Gadgets or something. So yes, it’s bad for phishing and for cookies. Secondly, it’s over SSL/TLS (so no one should be able to see what’s going on, right?). Third, it could be used to hijack Google Buzz - as if anyone is using that product (or at least you shouldn’t be). And lastly isn’t it ironic that Google is asking to know where I am on the very same page that’s being compromised? Why on earth does Google think its systems are secure enough to trust them with that kind of sensitive information? Yes, bad guys can figure out where you’re located if you allow that function. Chinese dissidents beware! But if you have something to hide, you must be a bad guy, right, Eric?

Joe, it is meant to be twitter / facebook to social networking rolled into 1. I personally haven't spent much time on it, kind of find the whole social networking boring. I prefer rocking up at friends houses at all hours of the morning causing a ruckus.

A Article from Computer World about this "incident"

A common Web programming error could give hackers a way to take over Google Buzz accounts, a security expert said Tuesday. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue.
This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.
The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."
Because attackers can use the flaw to put their content on the Google.com domain, they could also create phishing attacks against Google users, Hansen said.
"If they left this unpatched, it could be horrible for any user of the site," he said. "It could easily be used to convince people that they're typing something into a valid Google sign-on page when they're really not."
The bug was discovered by a hacker known as TrainReq, who e-mailed Hansen details of the flaw without explanation. TrainReq is best known for posting photos stolen from pop star Miley Cyrus' e-mail account to the Internet.
Reached Tuesday afternoon Pacific Time, a Google spokesman confirmed that the company was working to fix the issue and predicted that it would be finished within a few hours.
"We're aware of a vulnerability that could affect users of Google Buzz for mobile, and we are now pushing a fix," spokesman Jay Nancarrow said via e-mail. "We have no indication that the vulnerability is being actively abused."
Launched last week, Google Buzz was blasted by some for automatically publishing lists of users' Gmail contacts with little notification. The company is making some changes this week to help alleviate those concerns.
However, the security flaw underscores another important issue, said Hansen, a vocal Google critic. "Google really can't be trusted with sensitive information because they can't protect their own applications."